The government department responsible for the protection of online data today broke its own rules when it revealed the email addresses of hundreds of journalists.
The Department for Digital, Culture, Media and Sport gaffe comes just weeks after much more serious errors by the Home Office, which revealed contact details of thousands of members of the public.
In a press release about the implementation date of the new porn block rules, a DCMS staffer appears to have CC’d a list of names instead of making them BCC’d, which would have hidden them from each of the recipients.
Under General Data Protection Regulations (GDPR) introduced last year, this is an offence.
The Independent Inquiry into Child Sexual Abuse was fined £200,000 for revealing the names of 90 individuals in August.
Fines for breaching GDPR are severe –” administrative fines of up to 4% of annual global turnover or €20 million – whichever is greater”.
DCMS’ budget is around £7billion meaning a possible fine, in the unlikely event they did find themselves in breach, of £280 million.
A DCMS spokesperson said in a statement: “In sending a news release to journalists an administrative, human error meant email addresses could be seen by others.
“DCMS takes data privacy extremely seriously and we apologise to those affected.”
It’s not the first time a government department has found itself in the firing line over data privacy in recent weeks – earlier this month the Home Office was forced to apologise after it accidentally sharing of the private details of EU nationals aiming to obtain settled status in Britain.
The email addresses of 240 people were “inadvertently” sent to fellow applicants in a gaffe described by Shadow Home Secretary Dianne Abbot as “shambolic”, adding the government’s “mismanagement of the Home Office” was “the most shambolic of all”.
Just days before, the Home Office had apologised for making a data protection blunder while circulating information about the Windrush compensation scheme.
Another “administrative error” meant that emails sent to some individuals and organisations who had registered an interest in being kept informed about the launch of the scheme included email addresses of other recipients.
Five batches of emails, each with 100 recipients, were affected. No other personal data was included.
Immigration Minister Caroline Nokes disclosed the error in a written statement to the House of Commons.
She said: “Regrettably, in promoting the scheme via email to interested parties, an administrative error was made which has meant data protection requirements have not been met, for which the Home Office apologises unreservedly.”
GDPR courses are available online (BCC - The Government)